Semiconductor memory cards such as an IC card and an SD memory card have been experimentally introduced to various industries extending from mass media including broadcast and publishing industries to financial institutions, and governmental and local organizations. The semiconductor memory cards have caused a sensation in these industries because of their enormous convenience. In a semiconductor memory card, data is managed in a layer model having a physical layer, a file system layer, and an application layer. Therefore, a user can create a file on a semiconductor memory card, and delete the created file in the same procedure as deleting a file stored on a computer.
Deletion of a file on a conventional semiconductor memory card only involves overwriting of management information, which includes a file allocation table (FAT) showing link relations between file fragments and a file entry. The reason for this is mentioned in the following. If management information for a file is overwritten, locations of fragments constituting a file entity on a semiconductor memory card are lost and link relations between fragments discontinuously located on a semiconductor memory card are broken. This makes reading of the file impossible.
Data management by a file system on a conventional semiconductor memory card is described in unexamined Japanese patent publication No. 2001-188701, U.S. Pat. No. 5,479,638 and Japanese patent No. 3389186.
According to the above-mentioned method for file deletion, a FAT and a file entry are overwritten. However, a file entity of a deleted file and fragments constituting the file entity still remain, discontinuously though, on a semiconductor memory card. If such a deleted file contains data concerning money transactions, there is a danger that bank account numbers and ATM card numbers are read from discrete fragments.
Furthermore, a third person can regenerate a deleted file by tracing discontinuous fragments on a semiconductor memory card, to acquire the contents of the file that should have been deleted.
However, there is a reason why file deletion only involves overwriting of management information such as an FAT and a file entry. It is because of a processing time required for overwriting. According to a trial calculation, it takes 2 milliseconds to overwrite 512 bytes. 4 seconds for 1 megabyte, and 40 seconds for 10 megabytes. This indicates that it takes time to perform a complete deletion operation, that is to say, to overwrite a file entity of a file so as to make reading of the file totally impossible. Moreover, such a complete deletion operation poses a problem of where data indicating locations of fragments constituting a deleted file should be stored. If data indicating locations of fragments, as well as the fragments, is stored in a nonvolatile memory, a third person can possibly read the locations of the fragments before a complete deletion operation is accomplished. Therefore, information about a file to be deleted is not sifliciently protected while a complete deletion operation is performed.